July Scam Email Roundup
It’s time for Cyber Insurance Australia to review some of the new email scams which targeted Australian businesses this July.
Today, as employee education continues to increase, criminals are very fastidious and clever with their malicious email scam attempts. No longer are the email scams poorly worded and as easily spotted by the general public. Criminal organisations are spending considerable amounts of time and money to deceive and scam Australians.
To verify, report or learn more about a scam contact the ATO Scam Report, Stay Smart Online or ScamWatch.
Cyber Insurance Australia reduces the costs of cyber crime for your business.
As always, ASIC makes it onto the list with another malicious attempt at using their likeness to fool unsuspecting business owners. Each month different email scams using ASIC branding are sent to millions of Australian email addresses with no end in sight. This particular scam as seen below, informs recipients that their business name is due for renewal. Simply click on the included link to download the renewal notice.
As you may suspect, the attached file is malicious and once opened could contain a virus, ransomware or other form of malicious software designed to interrupt or damage a system or data. These emails typically look well formatted with official branding from the government body or brand being impersonated.
In this particular email scam the sending address “ASIC.Transaction. No-reply @ asicdesk.com” is fake and the sending officer “Myra Tango” does not appear to exist as an employee at ASIC.
We previously wrote about other ASIC scams in May, April, February and January. It is safe to say that this won’t be the end of this type of ASIC email scam, we recommend discussing typical red flags with all staff to avoid an accidental incident.
ANZ bank has had a run of very well formatted scam emails targeting their customers during July. The emails inform recipients that their account statement is ready and available to view. Banks within Australian commonly email notifications that account statements are available but with some important differences.
As can be seen in the first screenshot, the body has been well written and the branding is official and taken from legitimate ANZ statement emails. The sender is listed as “statements@ anzcommunications.anz.com” which is the official email address used by ANZ to send their legitimate statement notifications. When hovering over the sender name the actual sending address is “statements@ anzhost.org” which is fake.
Similar to the ASIC scam above, once the recipient clicks the “view statement” button a download is launched which contains malicious software. Malware is designed to steal private information, damage or destroy data and disrupt computer systems.
The below screenshot is a legitimate ANZ statement notification email for comparison. The fake email scam even has the official Australian financial services license details, help desk number and security notice to help establish legitimacy.
Official bank notifications will never include the statement or any attachments. Legitimate ANZ emails will prompt customers to view their statement online using the ANZ banking portal.
Australian banks are regular targets for a number of reasons such as high technology adoption by the Australian public. We previously wrote about similar scams mimicking NAB and Citibank in past months.
Both Origin and EnergyAustralia have had another month of email scams targeting Australians. The theme of the scams is to imitate the email invoices sent out regularly by both energy organisations.
In each case this month the branding and legitimate email details have been copied almost perfectly in an effort to dupe recipients. The emails show a typical energy email bill notification showing a random amount and upcoming due date. The scam emails contain different amounts and dates in an attempt to avoid detection from security software.
Both emails have a “view bill” button which downloads a .zip file with malicious Javascript contained within. According to MailGuard, the malicious payload is designed to:
- Delay the analysis task by a long amount of time.
- Steal private information from local Internet browsers
- Install itself for autorun at Windows startup.
In some instances the due date has been incorrectly generated as a past date which is one red flag to identifying these scams. Other red flags are the random sending address, for example “noreply@ syrenergy.com”,” reply@globalenergyfinance .com” or “noreply@ energy2u.info”.
Official email billing addresses to keep an eye out for, anything else is fake:
noreply@billing.energyaustraliaonline.com.au
Millions of email scams are circulated daily to unsuspecting business owners and individuals. Awareness is half of the battle against a never ending wave of scams and phishing attempts, the other half is adequate email security.
In the event that your business is impacted by a cyber attack, data breach or email scam, cyber insurance is a cost effective way to mitigate the expenses, reputational damage and financial loss.
Cyber Insurance Australia reduces the costs of cyber crime for your business.
Share this list with your colleagues to help spread the word before one of these nefarious emails ends up at your business.
The ASIC website offers the following advice for avoiding email scams:
- Keep your antivirus software up to date
- Be wary of emails that don’t address you by name or misspell your details and have unknown attachments
- Don’t click any links on a suspicious email.
Above all we recommend educating employees to recognise suspicious emails and unusual behavior without curiosity getting the best of them.